Published on April 06, 2022

Let’s start with the rather ominous etymology of the word, “metaverse.”

The word first entered the cultural vernacular in 1992 when Neal Stephenson’s dystopian science-fiction novel “Snow Crash” hit book shelves. The novel became a favorite of Silicon Valley titans, including Google co-founder Larry Page.

Snow Crash’s metaverse described a virtual world—one that humans visit via augmented reality, the internet, and eye goggles. Just like Mark Zuckerberg’s vision, the characters in Snow Crash enter the metaverse embodied in an avatar of their choosing.

In Stephenson’s novel, humans primarily enter the metaverse as a way to escape their dystopian existence on Earth. The main character, satirically named Hiro Protagonist, enters the metaverse in an effort to stop a computer virus that causes real-life brain damage.


In Snow Crash, there’s a subculture of people who opt to spend all their time in the metaverse; these metaverse addicts are called “gargoyles” in the novel—make of that what you will.


The characters in Snow Crash use encrypted electronic currency to buy virtual real estate in the metaverse—much like what is happening today on blockchain-enabled VR platforms, like Decentraland and Sandbox.

Stephenson’s metaverse feels prescient. We’ll discuss addiction and cryptocurrency usage later. But to begin with,

What is the metaverse?

According to Meta’s blog, the metaverse is “the next evolution of social connection.” Okay, but wait a second, was Facebook the first evolution of social connection? If so, this doesn’t inspire much confidence, as it’s not clear that Meta has a handle on the civic and media effects of their legacy business.

And it’s not just me. Many media scholars take umbrage with Zuckerberg’s plans. In an op-ed for CNN, media theorist Douglass Rushkoff writes,

“Going Meta is Facebook’s escape hatch; it’s Zuckerberg’s way of telling us (and his investors) to forget about all the destruction his platforms have caused, and instead to look at the big picture. But if you look hard enough, you’ll see it’s not a big picture at all. It’s a tiny network of virtual worlds, connected by a business plan that always leaves its users with less than they started with. No, to get through the portal to Facebook’s metaverse, to go in the direction that Zuckerberg is pushing us, we must leave our humanity behind.”

A harsh assessment by Rushkoff, but not invalid.

It’s important to note that Meta is not the only company currently building out the metaverse. Deep-pocketed players, including Google, Roblox, Microsoft (“Minecraft”), and Epic Games (“Fortnite”), all have substantial metaverse footholds. Additionally, there are smaller, more egalitarian entities in the space—namely, Mysilio and Uhive.

At any rate, Zuckerberg seems to be leading the charge at the moment. As Zuckerberg explains, “You can think about the metaverse as an embodied internet, where instead of just viewing content, you are in it.” Zuckerberg, and others, see the metaverse as the next iteration of the internet. And much like the dot-com boom in the 1990’s, when people rushed to buy up domain names, we’re starting to see individuals and organizations buying NFTs and planting their corporate flags in the metaverse.

Without being overly alarmist, it’s worth examining what the creation of this metaverse will entail from privacy, security, and public policy standpoints.

The metaverse will be hard to police.

As initially reported by the Financial Times, a March 2021 employee memo from Meta CTO Andrew Bosworth admitted that moderating people’s behavior in the metaverse “at any meaningful scale is practically impossible.” Granted, this was over a year ago, but it is certainly worth noting. Historically, Meta has not been able to reign in the widespread, well-documented negative societal effects plaguing their legacy businesses, especially Facebook and Instagram.

Also, potential addiction, rampant harassment, and assault aside, most transactions in the metaverse will run on the blockchain. Since blockchain technologies are generally unregulated (there’s not a centralized authority to recover stolen assets), it remains to be seen how theft will be policed in the metaverse.

Stakeholders hope to learn from the early days of the internet.

To be sure, the internet’s nascent days revolutionized commerce; however, this didn’t happen seamlessly. For example, websites in the early 1990’s were littered with scams. Bad actors took advantage of users’ unfamiliarity with the technology; they created sites to impersonate banks, organizations, and other entities. Undoubtedly, phishing campaigns, crypto jacking, and other scams will be prevalent in the metaverse as well.

Social engineering will be intense.

Microsoft, in a recent post entitled, “The metaverse is coming. Here are the cornerstones for securing it,” acknowledges that the metaverse will be ripe for social engineering attacks.

It’s one thing to receive a fake request from a colleague’s email address, and quite another to look at your colleague’s (albeit, an avatar) face and process that same request. There is little doubt that avatars will be falsified, stolen, and weaponized by bad actors.

Microsoft rightly contends that security is a team sport; Charlie Bell, Microsoft EVP of Security writes, “Today, ISPs, cloud providers, device manufacturers—even industry rivals in these markets—recognize the need to work together on security issues.” Of course, Microsoft is a stakeholder in the metaverse, and they are financially incentivized to try to prepare for the litany of security and privacy issues that lay ahead.

Security and privacy concerns abound.

From a security perspective, the cyber attack surface will expand significantly. There will be IoT devices and wearables from multiple vendors; sensors will collect data all throughout offices and homes; and metaverse companies will actively process a colossal amount of user behavior in real time. As mentioned before, the use of avatars will make it easier for bad actors to commit fraud, and the prevalence of cryptocurrency transactions will make it easier for them to hide their ill-gotten gains.

Things are equally concerning from a privacy perspective. Companies that run the metaverse will use AR/VR devices that collect a ton of personally identifiable information (PII), including financial and personal data. After all, how else will the businesses and organizations in the metaverse verify who we users are? Even more problematic is the fact that many of these businesses will want to collect biometric data, such as fingerprints and facial recognition.

Zuckerberg is currently spending billions in an effort to replicate the physical sense of touch in the digital world. Not to mention, in addition to readily-available headsets and googles, haptic vests are already on the market.

This all constitutes a level of personal data collection that is not currently socially acceptable; however, in a few years, who knows? As we’ve seen, when it comes to giving up personal data, the public eventually acquiesces. It can be a bit of a slippery slope.

The metaverse could spark arguably much needed legislation.

The metaverse may well be a catalyst for an AI Act or a national digital privacy act that prohibits the sale of user data to third parties. Until then, however, these remain troubling, open questions that will be answered by metaverse players and market dynamics rather than legislation.

And what does Zuckerberg think about the comparisons folks are making between the metaverse in Stephenson’s “Snow Crash” and the one he’s working to create?

In an interview with The Verge, Zuckerberg explains, “Obviously, the book has this whole environment around it that’s sort of negative. But I don’t think it has to be that way. I also think that as these technologies develop, they take on different connotations and metaphors. I would be very surprised if five years from now the main association that almost anyone had with the metaverse was about the initial mention of it in Snow Crash.”

In summation, what do the metaverse creators have in store for us?

Robin Mansell, professor of New Media and Internet at the London School of Economics, offers a blunt, clear-eyed view of our metaverse future.

As Mansell tells The Guardian, “For me, it seems like it is simply another step in the monetization of data to the benefit of Facebook and other large platforms sold to people as fun, exciting, helpful for productivity at work and so on.”

So, a future defined by corporate avarice where society suffers, and users endure horrible new media effects. Sounds like a certain 1992 novel I know.

John Donegan

John Donegan

Enterprise Analyst, ManageEngine

John is an Enterprise Analyst at ManageEngine. He covers infosec, cybersecurity, and public policy, addressing technology-related issues and their impact on business. Over the past fifteen years, John has worked at tech start-ups, as well as B2B and B2C enterprises. He has presented his research at five international conferences, and he has publications from Indiana University Press, Intellect Books, and dozens of other outlets. John holds a B.A. from New York University, an M.B.A. from Pepperdine University, an M.A. from the University of Texas at Austin, and an M.A. from Boston University.

 Learn more about John Donegan